Cleartext storage of sensitive information in Fujitsu products - CVE-2023-39903
Published: September 14, 2023
Vulnerability identifier: #VU80784
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-39903
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Fujitsu
Affected software:
Infrastructure Manager Advanced Edition
Infrastructure Manager Advanced Edition for PRIMEFLEX
Infrastructure Manager Essential Edition
Infrastructure Manager Advanced Edition
Infrastructure Manager Advanced Edition for PRIMEFLEX
Infrastructure Manager Essential Edition
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to cleartext storage of sensitive information in the ismsnap component. A local user can retrieve the password for the proxy server that is configured in ISM.
How to mitigate CVE-2023-39903
Install updates from vendor's website.